[Mageia-dev] Decoding iptables message

Anne Wilson annew at kde.org
Wed Jul 4 18:23:17 CEST 2012


On 04/07/12 15:42, Pascal Terjan wrote:
> On Wed, Jul 4, 2012 at 4:07 AM, Anne Wilson <annew at kde.org> wrote:
>> Could someone please tell me what to look for, and where, to
>> solve this puzzle?
> 
> Where does this message come from? I have never seen any such
> messages for iptables drops.

I run logwatch, which is where I found this report.
> 
>> --------------------- iptables firewall Begin ------------------------
>>
>> Listed by source hosts:
>> Dropped 9 packets on interface eth0
>>    From 192.168.0.40 - 9 packets to tcp(38575)
>>
>> ---------------------- iptables firewall End -------------------------
>> 
>> The machine in question is my mail/file/print server, running a 
>> secondary firewall inside the NAT router.  Port 38575 appears to
>> be unassigned, and I've only seen such messages for the last
>> couple of days.
> 
> Which machine in question? The one displaying this message or
> 192.168.0.40?
> 
192.168.0.40 is the mail/file/print server, running Scientific Linux
6.2.  Come to think of it, it sounds as though this laptop (Tosh) is
reporting that the server is sending packets on 38575 to Tosh.  I've
been through the main logs on the server, though, and can't find
anything significant, which is why I'm feeling a bit stuck.

>> I'm pretty sure that the server hasn't been _directly_ used, i.e.
>> with login to actual physical box, during that time, so the
>> likelihood seems to be some service other systems on the LAN are
>> calling for something.
>> 
>> Any ideas about how to go about tracing this?  I can't find it in
>> any of the logs on the server.  I'm working on the logs on the
>> laptops.

Anne
-- 
Need KDE help? Try
http://userbase.kde.org or
http://forum.kde.org
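Added example, not part of the original message or of logwatch itself: a small parser for the logwatch "iptables firewall" section quoted in the thread, turning each line into source host, protocol and port, and flagging ports in the ephemeral range. It assumes the number in `tcp(...)` is the destination port on the reporting host and that the Linux default ephemeral range of the time (32768-61000) applies; the function names and the multi-port form `tcp(80,443)` are assumptions.

```python
import re

# Constructed sample: the logwatch section quoted in the message, with the
# line breaks logwatch emits before mail quoting re-wrapped them.
SAMPLE = """\
 --------------------- iptables firewall Begin ------------------------

 Listed by source hosts:
 Dropped 9 packets on interface eth0
   From 192.168.0.40 - 9 packets to tcp(38575)

 ---------------------- iptables firewall End -------------------------
"""

# Assumption: Linux default net.ipv4.ip_local_port_range (32768-61000 in 2012).
EPHEMERAL = range(32768, 61001)

ACTION_RE = re.compile(r"^\s*(\w+) (\d+) packets? on interface (\S+)")
SOURCE_RE = re.compile(r"^\s*From (\S+) - (\d+) packets? to (.+)$")
SERVICE_RE = re.compile(r"(\w+)\(([\d,]+)\)")  # e.g. tcp(38575) or tcp(80,443)

def parse_section(text):
    """Return one record per (source host, protocol, destination port)."""
    records, action, iface = [], None, None
    for line in text.splitlines():
        m = ACTION_RE.match(line)
        if m:
            action, iface = m.group(1), m.group(3)
            continue
        m = SOURCE_RE.match(line)
        if not (m and action):
            continue
        for proto, ports in SERVICE_RE.findall(m.group(3)):
            for port in (int(p) for p in ports.split(",") if p):
                records.append({
                    "action": action, "interface": iface,
                    "source": m.group(1), "source_packets": int(m.group(2)),
                    "proto": proto, "dport": port,
                    "ephemeral": port in EPHEMERAL,
                })
    return records

def describe(rec):
    """One-line reading of a record from the reporting host's point of view."""
    kind = "ephemeral/client" if rec["ephemeral"] else "service"
    return (f"{rec['action']} on {rec['interface']}: {rec['source']} -> "
            f"local {rec['proto']}/{rec['dport']} ({kind} port range)")

if __name__ == "__main__":
    for rec in parse_section(SAMPLE):
        print(describe(rec))
```

A port flagged as ephemeral is one the reporting host would normally pick for its own outgoing connections, so the matching place to look is that host's client connections to the source rather than a listening service.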

